← Back

CVE-2012-3272

nvd nist
Published: Dec 6, 2012Modified: Apr 29, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (7)

Hp
7 products
Color Laserjet Cm3530
Color Laserjet Cm60xx
Color Laserjet Cp3525
Color Laserjet Cp4xxx
Color Laserjet Cp6015
Laserjet P3015
Laserjet P4xxx
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Color Laserjet Cm3530
Up to 53.190.8
Color Laserjet Cm60xx
Up to 53.190.8
Color Laserjet Cp3525
Up to 06.140.3.17
Color Laserjet Cp4xxx
Up to 07.120.5
Color Laserjet Cp6015
Up to 04.160.2
Laserjet P3015
Up to 07.140.2
Laserjet P4xxx
Up to 04.170.2

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: hp-security-alert@hp.com
Source: hp-security-alert@hp.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.